
Title: Super Injection Tool: Fast Data Extraction for Blind SQL Injection


People in the group often run into problems with SQL injection: sometimes there is a WAF, sometimes the injection is blind, and sometimes they don't know where to start. Today I'm sharing a tool called the Super Injection Tool.

Download address: https://github.com/shack2/SuperSQLInjectionV1

Case 1: Blind injection with a WAF


As shown in the figure below, a single quote causes an error, and the error is echoed. This is a typical Boolean blind injection. As long as we can construct a statement such as and 1=1 or or 1=1, data can be extracted.


This is a MySQL database, where the if function is usually used for Boolean injection. A WAF usually does not block a bare if(), but it will block an if with arguments such as if(1,1,1). If it is blocked, you can replace 1 with 11-10 and 2 with 12-10.


Then just hand the request to the Super Injection Tool and let it run.


The WAF bypass rule is as follows; it is relatively simple.


Case 2:

The and condition constructed in Case 1 lets the Super Injection Tool tell apart the content the page returns: a field that marks the correct page for 1=1 and a field that marks the error page for 1=2. Ordinary tools cannot recognize the injection point, so you need to specify the field and give the tool a basis for Boolean injection!

Let's look at another example; I hope you can understand what I mean.

The following figure is again MySQL, with an if successfully constructed.


Paste the request into the Super Injection Tool. When testing blind injection, the tool only tests 1=1 and 1=2, so set the payload at the first position of the if. Look at the box in the lower right corner: the echo value of the correct page has been identified. Then the data comes out!


Case 3:

This one is MSSQL, that is, SQL Server. The site has a WAF. Testing shows that oR 1=1 and 1=2 are not intercepted. Use 1=1 to construct the data packet, and the injection tool can recognize the Boolean value.


After that, the data comes out with no further effort.


Original link: https://mp.weixin.qq.com/s/jrv1ZLjZ3IbtloRCXWDo-Q
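
For defenders, Case 1 shows why a rule that matches if(1,1,1) literally misses if(11-10,1,1). The following is an added example, not part of the original post or of the tool: a log check that folds constant arithmetic before matching and flags clients whose probe requests return two different page sizes. The log records, addresses, the /news.php path, the sizes and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample records: (client, path, raw query string, response bytes)
SAMPLE_LOG = [
    ("203.0.113.7", "/news.php", "id=1", 5120),
    ("203.0.113.7", "/news.php", "id=11-10", 5120),
    ("198.51.100.4", "/news.php", "id=1%20and%201=1", 5120),
    ("198.51.100.4", "/news.php", "id=1%20and%201=2", 4300),
    ("198.51.100.4", "/news.php", "id=if(11-10,1,1)", 5120),
    ("198.51.100.4", "/news.php", "id=1%20oR%2012-10=1", 4300),
]

ARITH = re.compile(r"\b(\d+)\s*([-+])\s*(\d+)\b")
# Boolean-probe shapes named in the post: if(<n>,...) and and/or <n>=<n>
SIGNATURES = re.compile(r"\bif\s*\(\s*\d+\s*,|\b(?:and|or)\s+\d+\s*=\s*\d+", re.I)

def _fold(m):
    a, b = int(m[1]), int(m[3])
    return str(a + b if m[2] == "+" else a - b)

def fold_constants(text):
    """Collapse integer arithmetic (11-10 -> 1) until nothing changes."""
    prev = None
    while prev != text:
        prev = text
        text = ARITH.sub(_fold, text, count=1)
    return text

def is_boolean_probe(raw_query):
    """URL-decode, fold constants, then apply the signatures."""
    return bool(SIGNATURES.search(fold_constants(unquote(raw_query))))

def flag_clients(records, min_probes=3):
    """Flag (client, path) pairs with repeated probes AND at least two
    distinct response sizes, i.e. a 'true' page and a 'false' page."""
    stats = defaultdict(lambda: [0, set()])
    for client, path, query, size in records:
        if is_boolean_probe(query):
            entry = stats[(client, path)]
            entry[0] += 1
            entry[1].add(size)
    return sorted(key for key, (count, sizes) in stats.items()
                  if count >= min_probes and len(sizes) >= 2)

if __name__ == "__main__":
    print(flag_clients(SAMPLE_LOG))
```

Detection of this kind is a backstop; the fix for the injection itself is parameterized queries in the application.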
